2018-10-09 17:00:01 -04:00
/ *
2019-04-09 14:39:42 -04:00
* MinIO Cloud Storage , ( C ) 2018 MinIO , Inc .
2018-10-09 17:00:01 -04:00
*
* Licensed under the Apache License , Version 2.0 ( the "License" ) ;
* you may not use this file except in compliance with the License .
* You may obtain a copy of the License at
*
* http : //www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing , software
* distributed under the License is distributed on an "AS IS" BASIS ,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND , either express or implied .
* See the License for the specific language governing permissions and
* limitations under the License .
* /
package cmd
import (
2019-09-30 17:05:19 -04:00
"context"
2018-10-09 17:00:01 -04:00
"encoding/xml"
"net/http"
2019-07-03 01:34:32 -04:00
xhttp "github.com/minio/minio/cmd/http"
2019-09-30 17:05:19 -04:00
"github.com/minio/minio/cmd/logger"
2018-10-09 17:00:01 -04:00
)
// writeSTSErrorRespone writes error headers
2020-05-21 12:09:18 -04:00
func writeSTSErrorResponse ( ctx context . Context , w http . ResponseWriter , isErrCodeSTS bool , errCode STSErrorCode , errCtxt error ) {
var err STSError
if isErrCodeSTS {
err = stsErrCodes . ToSTSErr ( errCode )
}
if err . Code == "InternalError" || ! isErrCodeSTS {
2020-03-18 20:25:45 -04:00
aerr := getAPIError ( APIErrorCode ( errCode ) )
if aerr . Code != "InternalError" {
err . Code = aerr . Code
err . Description = aerr . Description
err . HTTPStatusCode = aerr . HTTPStatusCode
}
}
2018-10-09 17:00:01 -04:00
// Generate error response.
2019-09-30 17:05:19 -04:00
stsErrorResponse := STSErrorResponse { }
stsErrorResponse . Error . Code = err . Code
stsErrorResponse . RequestID = w . Header ( ) . Get ( xhttp . AmzRequestID )
stsErrorResponse . Error . Message = err . Description
if errCtxt != nil {
2020-08-24 15:11:20 -04:00
stsErrorResponse . Error . Message = errCtxt . Error ( )
2019-09-30 17:05:19 -04:00
}
2020-05-18 12:59:45 -04:00
var logKind logger . Kind
2019-10-11 21:50:54 -04:00
switch errCode {
case ErrSTSInternalError , ErrSTSNotInitialized :
logKind = logger . Minio
default :
2020-05-18 12:59:45 -04:00
logKind = logger . All
2019-10-11 21:50:54 -04:00
}
logger . LogIf ( ctx , errCtxt , logKind )
2018-10-09 17:00:01 -04:00
encodedErrorResponse := encodeResponse ( stsErrorResponse )
2019-02-14 20:54:33 -05:00
writeResponse ( w , err . HTTPStatusCode , encodedErrorResponse , mimeXML )
2018-10-09 17:00:01 -04:00
}
// STSError structure
type STSError struct {
Code string
Description string
HTTPStatusCode int
}
// STSErrorResponse - error response format
type STSErrorResponse struct {
XMLName xml . Name ` xml:"https://sts.amazonaws.com/doc/2011-06-15/ ErrorResponse" json:"-" `
Error struct {
Type string ` xml:"Type" `
Code string ` xml:"Code" `
Message string ` xml:"Message" `
} ` xml:"Error" `
RequestID string ` xml:"RequestId" `
}
// STSErrorCode type of error status.
type STSErrorCode int
2021-03-31 12:30:52 -04:00
//go:generate stringer -type=STSErrorCode -trimprefix=Err $GOFILE
2018-10-09 17:00:01 -04:00
// Error codes, non exhaustive list - http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html
const (
ErrSTSNone STSErrorCode = iota
2019-02-27 20:46:55 -05:00
ErrSTSAccessDenied
2018-10-09 17:00:01 -04:00
ErrSTSMissingParameter
ErrSTSInvalidParameterValue
2019-01-04 16:48:12 -05:00
ErrSTSWebIdentityExpiredToken
2018-10-09 17:00:01 -04:00
ErrSTSClientGrantsExpiredToken
ErrSTSInvalidClientGrantsToken
ErrSTSMalformedPolicyDocument
ErrSTSNotInitialized
ErrSTSInternalError
)
2019-02-14 20:54:33 -05:00
type stsErrorCodeMap map [ STSErrorCode ] STSError
func ( e stsErrorCodeMap ) ToSTSErr ( errCode STSErrorCode ) STSError {
apiErr , ok := e [ errCode ]
if ! ok {
return e [ ErrSTSInternalError ]
}
return apiErr
}
2018-10-09 17:00:01 -04:00
// error code to STSError structure, these fields carry respective
// descriptions for all the error responses.
2019-02-14 20:54:33 -05:00
var stsErrCodes = stsErrorCodeMap {
2019-02-27 20:46:55 -05:00
ErrSTSAccessDenied : {
Code : "AccessDenied" ,
Description : "Generating temporary credentials not allowed for this request." ,
HTTPStatusCode : http . StatusForbidden ,
} ,
2018-10-09 17:00:01 -04:00
ErrSTSMissingParameter : {
Code : "MissingParameter" ,
Description : "A required parameter for the specified action is not supplied." ,
HTTPStatusCode : http . StatusBadRequest ,
} ,
ErrSTSInvalidParameterValue : {
Code : "InvalidParameterValue" ,
Description : "An invalid or out-of-range value was supplied for the input parameter." ,
HTTPStatusCode : http . StatusBadRequest ,
} ,
2019-01-04 16:48:12 -05:00
ErrSTSWebIdentityExpiredToken : {
Code : "ExpiredToken" ,
Description : "The web identity token that was passed is expired or is not valid. Get a new identity token from the identity provider and then retry the request." ,
HTTPStatusCode : http . StatusBadRequest ,
} ,
2018-10-09 17:00:01 -04:00
ErrSTSClientGrantsExpiredToken : {
Code : "ExpiredToken" ,
2019-01-04 16:48:12 -05:00
Description : "The client grants that was passed is expired or is not valid. Get a new client grants token from the identity provider and then retry the request." ,
2018-10-09 17:00:01 -04:00
HTTPStatusCode : http . StatusBadRequest ,
} ,
ErrSTSInvalidClientGrantsToken : {
Code : "InvalidClientGrantsToken" ,
2019-04-09 14:39:42 -04:00
Description : "The client grants token that was passed could not be validated by MinIO." ,
2018-10-09 17:00:01 -04:00
HTTPStatusCode : http . StatusBadRequest ,
} ,
ErrSTSMalformedPolicyDocument : {
Code : "MalformedPolicyDocument" ,
Description : "The request was rejected because the policy document was malformed." ,
HTTPStatusCode : http . StatusBadRequest ,
} ,
ErrSTSNotInitialized : {
Code : "STSNotInitialized" ,
Description : "STS API not initialized, please try again." ,
HTTPStatusCode : http . StatusServiceUnavailable ,
} ,
ErrSTSInternalError : {
Code : "InternalError" ,
Description : "We encountered an internal error generating credentials, please try again." ,
HTTPStatusCode : http . StatusInternalServerError ,
} ,
}